package com.pek.security;

import com.pek.control.util.RedisUtil;
import jakarta.annotation.PostConstruct;
import org.apache.el.parser.Token;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Autowired
    private MyDetailService detailService;

    @Autowired
    private RedisUtil redisUtil;

    @Bean
    public PasswordEncoder passwordEncoder() {
//        return new BCryptPasswordEncoder();
        return NoOpPasswordEncoder.getInstance();
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
        authenticationProvider.setUserDetailsService(detailService);
        authenticationProvider.setPasswordEncoder(passwordEncoder());
        authenticationProvider.setHideUserNotFoundExceptions(false);
        return authenticationProvider;
    }

    @Bean
    public AuthenticationManager authenticationManager() {
        return new ProviderManager(authenticationProvider());
    }


    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                //这里需要开启cors 否则SpringWebConfig会失效
                .cors()
                .and()
                .csrf().disable();
        http
                .exceptionHandling()
                .authenticationEntryPoint(new AuthErrorPoint())
                .accessDeniedHandler(new AccessDeniedPoint());
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authenticationProvider(authenticationProvider())
                .authorizeHttpRequests()
                .requestMatchers("/product/random").permitAll()
                .requestMatchers("/product/randomQuery").permitAll()
                .requestMatchers("/product/query").permitAll()
                .requestMatchers("/product/list").permitAll()
                .requestMatchers("/article/query").permitAll()
                .requestMatchers("/article/list").permitAll()
                .requestMatchers("/config/getValue").permitAll()
                .requestMatchers("/config/getValues").permitAll()
                .requestMatchers("/type/list").permitAll()
                .requestMatchers("/anon/**").permitAll()
                .requestMatchers("/auth/**").permitAll()
                .anyRequest()
                .authenticated();
        http.addFilterBefore(new TokenFilter(redisUtil, authenticationManager()), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

}
